Commit Graph

5707 Commits (a471dbeebfb9a1cd6da8b671890d2fbf488cd084)

Author SHA1 Message Date
muxator c0d9797d0f formatting: remove trailing whitespaces on files Sebastian is going to modify
In the following commits Sebastian is going to edit three files. This change is
necessary make evident what he is going to modify, because some of them are old
vendorized libraries whose history we might want to reconstruct.

No functional changes.

Command:
    sed --in-place 's/[[:space:]]*$//' src/static/js/farbtastic.js
    sed --in-place 's/[[:space:]]*$//' src/static/js/gritter.js
    sed --in-place 's/[[:space:]]*$//' tests/frontend/specs/change_user_color.js
2020-04-19 03:03:44 +02:00
Sebastian Castro 082906ace2 css: Improve toolbar icon positionning 2020-04-19 03:03:44 +02:00
Sebastian Castro 8e467ce9aa css: add new icons (mic, video, mic slash, video slash, cancel)
Fix icon spin animation for popup "reconnecting to your pad"
2020-04-19 03:03:44 +02:00
Sebastian Castro 0923cd3f21 css: make all editor containers use the same background color 2020-04-19 03:03:44 +02:00
Sebastian Castro e0f63a4a14 css: add skin scrollbar 2020-04-19 03:03:44 +02:00
Sebastian Castro 5fd6aeeea6 css: refactor element positioning
No more javascript to change css properties
Remove a number of useless tables
Try to stop positioning elements with absolute, but use flex-boxes instead

Adds comment to pad template, and move popups and chatbox inside editorcontainerbox (so absolute positioning is straightforward)

Make the design more consistent: always use base color, font-family and font-size. USe relative font size if necessary (.9rem instead of 11px for example)

Remove two columns in the popups, just use one column

Remove css meant to support old browser (like -webkit-box-shadow, -moz-box-shadow). Those css rules are quite common now, and If we want to support very old browser, we should use clean-css or other tools to add them automatically
2020-04-19 03:03:44 +02:00
Sebastian Castro 0603bf8097 css: remove no more used element
#nootherusers, #chatthrob, #focusprotector, #mystatusform, .hotrect, .throbbold
2020-04-19 03:03:44 +02:00
Sebastian Castro 4177b3f943 css: split base CSS code into subfiles (without modifications) 2020-04-19 03:03:44 +02:00
muxator 0b0608d7d4 skins: use "colibris" as default, even when no settings.json is present
Starting with Etherpad 1.8.3 we decided to use Colibris as default skin for new
installs. Without this change, when starting with no settings.json file,
Etherpad would (wrongly) use "no-skin".

This change should have been part of 70bc71c0c3.
2020-04-19 02:58:35 +02:00
Sebastian Castro 8956efc4ae bin: add fastRun.sh script for developers
Useful for developers, or users that know what they are doing. If you just
upgraded Etherpad version, installed a new dependency, or are simply unsure of
what to do, then before running this script, please execute bin/installDeps.sh
once.

Fixes #3711 (partially)
2020-04-17 18:36:24 +02:00
translatewiki.net b2aa0881af Localisation updates from https://translatewiki.net. 2020-04-16 17:06:58 +02:00
Christian Schröder 5537ef3950 test: fix settings loading in api/instance backend test
With commit 44186ed (tests: remove loadSettings.js for backend tests.)
the loading of the settings in backendtests changed. One test spec
was not updated.
2020-04-16 03:03:20 +02:00
Christian Schröder f0fdb94eb0 PadMessageHandler: fix for scoping error hiding original error
`r` is undefined outside of the for loop, but used in the catch block of the try
statement
2020-04-16 02:58:47 +02:00
translatewiki.net 4ddcaefed2 Localisation updates from https://translatewiki.net. 2020-04-14 05:23:20 +02:00
muxator 5acbdb83e5 docker: allow to control import/export rate limiting parameters
The newly introduces environment variables are IMPORT_EXPORT_RATE_LIMIT_WINDOW
and IMPORT_EXPORT_MAX_REQ_PER_IP.
2020-04-14 03:36:13 +02:00
John McLear c9d55c81a3 import/export: always rate limit import and exports
This is a departure from previous versions, which did not limit import/export
requests. Now such requests are ALWAYS rate limited. The default is 10 requests
per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3.

Administrators can tune the parameters via settings.importExportRateLimiting.
2020-04-14 03:36:13 +02:00
John McLear 24ee37a38f import: do not allow importing into a pad from the web UI if the user is not on that pad
Importing to a pad is allowed only if an author has a session estabilished and
has already contributed to that specific pad. This means that as long as the
user is on the pad (via the browser) then import is possible.

Note that an author session is NOT the same as a group session, which is not
required.

This setting does not apply to API requests, only to /p/$PAD$/import

This change of behaviour is introduced in Etherpad 1.8.3, and cannot be
disabled.
2020-04-14 03:36:13 +02:00
muxator f5d9b94ca1 docker: allow to control the maximum file size of an import via IMPORT_MAX_SIZE 2020-04-14 03:36:13 +02:00
John McLear f4418149cb import: introduce importMaxFileSize setting. Defaults to 50 MB
From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
file will always be bounded.

The maximum allowed size can be configured via importMaxFileSize.
2020-04-14 03:36:13 +02:00
muxator d1ad29a3d1 importexport: improved logging
This is in preparation to the next activities about import/export securization.
2020-04-14 03:36:13 +02:00
muxator 44186edbc5 tests: remove loadSettings.js for backend tests.
The old loadSettings.js was a way of customizing settings upon load, because
the Settings module did not offer this functionality. But it did not work well,
since all the default settings were not loaded.

Let's get rid of loadSettings.js for the bulk of the tests (the "backend"
specs). For the "container" specs, we'll keep it in place until/if we rewrite
Settings.js making it less brittle.
2020-04-14 03:36:13 +02:00
muxator 419f17371c dependencies: upgrade openapi 2.4.0 -> 2.4.1 2020-04-14 03:05:39 +02:00
muxator 02211cb670 dependencies: updated package-lock.json
No changes at all on our side: this is the churn of all the transitive
dependencies that are not pinned, and bubble up here.
2020-04-14 03:04:22 +02:00
muxator cd28643604 express: document the effect of settings.trustProxy 2020-04-14 01:10:19 +02:00
mathieu.brunot 5503ebdb94 github: Templates for Issues and PR
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2020-04-13 14:45:17 +02:00
mathieu.brunot c3ed04f4ae README.md: Add Travis-CI badge to README
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

📝 Add Travis-CI badge to README

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2020-04-13 11:41:02 +02:00
muxator 83d72d27a4 scroll: replace absolute import with relative one
Fixing this will be useful when we'll want to get rid of require-kernel.

This was introduced by f1fcd16894 ("Add settings to scroll on edition out of
viewport") in 2018-01-03.
2020-04-09 21:09:40 +02:00
translatewiki.net 4699c3e22e Localisation updates from https://translatewiki.net. 2020-04-09 16:00:27 +02:00
muxator 684f374ece runtime: require node >= 10.13.0 LTS
At the moment, NodeJS 10.x is the lowest supported LTS version. NodeJS 8.x is no
longer supported upstream.

Implements #3835.
Planned in #3650.
2020-04-09 04:43:37 +02:00
muxator 6cba0f1dc5 settings: "http://etherpad.org" -> "https://etherpad.org" in the default text of a pad 2020-04-09 03:54:46 +02:00
Chocobozzz 963d12e614 PadManager: use a set instead of an array in padlist
Avoid looping on the array, especially useful if you have many pads.

--HG--
branch : padlist-use-set
2020-04-09 03:39:32 +02:00
Chocobozzz 94ff21e25c PadManager: anchor the addPad regex to the start of the string
This improves the performance a bit, and is more adherent to the logic of the
application.

--HG--
branch : padlist-use-set
2020-04-09 03:39:32 +02:00
Chocobozzz 8c4625ec50 tests: add tests for listAllPads() API call
--HG--
branch : padlist-use-set
2020-04-09 03:39:32 +02:00
Marcin Cieślak df08883a00 SecurityManager: remove double quotes from session cookie content
Sometimes, RFC 6265-compliant [0] web servers may send back a cookie whose value
is enclosed in double quotes, such as:

    Set-Cookie: sessionCookie="s.37cf5299fbf981e14121fba3a588c02b,s.2b21517bf50729d8130ab85736a11346"; Version=1; Path=/; Domain=localhost; Discard

Where the double quotes at the start and the end of the header value are just
delimiters. This is perfectly legal: Etherpad parsing logic should cope with
that, and remove the quotes early in the request phase.

Somehow, this does not happen, and in such cases the actual value that
sessionCookie ends up having is:

    sessionCookie = '"s.37cf5299fbf981e14121fba3a588c02b,s.2b21517bf50729d8130ab85736a11346"'

As quick measure, let's strip the double quotes (when present).
Note that here we are being minimal, limiting ourselves to just removing quotes
at the start and the end of the string.

Fixes #3819.
Also, see #3820.


[0] https://tools.ietf.org/html/rfc6265
2020-04-09 01:14:51 +02:00
John McLear 08b83ae358 LibreOffice: use "html:XHTML Writer File:UTF8" export method
This yields better conversion results, but requires the previous change,
otherwise there would have been difficulties in locating the temporary file
name.
2020-04-08 22:51:25 +02:00
John McLear b2ccd0a191 LibreOffice: decouple the extension of the temporary file from its type
In the next commit, we are going to change the conversion method to
"html:XHTML Writer File:UTF8". Without this change, that conversion method name
would end up in the extension of the temporary file that is created as an
intermediate step. In this way, the file extensione will always stay ".html".

No functional changes, hopefully. Only the extension of the temporary file
should change.
2020-04-08 22:51:25 +02:00
John McLear f6907c5fad contentcollector: remove weird stuff LibreOffice adds to DOM before importing 2020-04-08 22:51:25 +02:00
John McLear a371deb9d1 ImportHandler: quick & dirty way of being more lax when matching <title>
This change is meant to ease using LibreOffice as converter. When LibreOffice
converts a file, it adds some classes to the <title> tag.
This is a quick & dirty way of matching the <title> and comment it out
independently on the classes that are set on it.
2020-04-08 22:51:25 +02:00
John McLear babf67175c undomodule: disallow undoing "clear authorship colors"
Clearing the authorship colors of a document with at least two authors, and then
undoing that action caused a disconnect from the pad.
This change disallows undoing clearing authorship colors in order to prevent
the problem from affecting users, and adds the relative test coverage.

This is a change of behaviour, and is documented in the changelog.

Fixes #2802 (sidestepping it).
2020-04-08 15:20:37 +02:00
Paul Tiedtke ffc718e8c0 docker: add support for arbitrary user ids (for OpenShift compatibility)
This solves a compatibility problem with OpenShift. In OpenShift security
model, the containers are run by arbitrary user ids, but the users are always
a member of the root group.

This PR adjusts the permissions accordingly.

Documentation reference:
https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#use-uid
2020-04-08 15:06:08 +02:00
Paul Tiedtke 79406051fa Settings.js: support newlines in default values when using variable substitution
This allows, among other things, to correctly support the configuration of
defaultPadText in Docker via an environment variable.
2020-04-07 04:32:37 +02:00
John McLear 3872690715
ace2_inner: remove Chrome specific hack
This code was specific for older Chrome versions. It can be simplified now.

Fixes #3487
2020-04-07 03:47:46 +02:00
John McLear 8987c5d813 dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify
This was a major update that required code changes.
2020-04-03 00:05:15 +00:00
muxator a286f32c2a dependencies: remove object.values
This should have been part of 09949c242a ("node8: we no longer need to use a
shim for Object.values in stats.js")
2020-04-07 03:15:10 +02:00
muxator a5ed0b524b dependencies: use fixed versions in package.json
We want to track dependencies as explicitly as possible.
2020-04-07 03:04:23 +02:00
Viljami Kuosmanen 3edd727a94 customError: rewrite the module using class syntax
The previous syntax caused a deprecation warning on Node 10.
However, due to the very old version of log4js Etherpad is currently using,
customError objects are going to be displayed as { inspect: [Function: inspect] }.

This needs to be addressed later, updating log4js.

Fixes #3834.
2020-04-07 02:03:17 +02:00
muxator e6251687bf api: test coverage for getStats() 2020-04-04 22:03:46 +02:00
muxator 4ef59bbda0 api: in getStats(), directly rewrote activePads as an expression
Instead of creating an empty Set and then mutate it.
2020-04-04 22:03:46 +02:00
Chocobozzz 82b919fc65 api: add getStats() function 2020-04-04 22:03:46 +02:00
John McLear eb45934788 remove noise 2020-04-03 11:32:14 +01:00